Encountering Trojan.Alipop, microinfo.dll, gofwk.pic, game.dll, qpjmy.exe, nnaa.exe, SafeDrv.exe and others (1)

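  A friend's computer has recently been having problems: after the desktop loads, it takes a long time before anything can be done; the 360 antivirus software cannot start; many advertising web page windows pop up automatically; the IE browser has been hijacked to hxxp://www.97796.cn/?205486; and many advertising icons such as "Secrets to Getting Rich" (致富秘诀) appear on the desktop by themselves and come back a while after being deleted. I was asked to help check and repair it.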

 

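  I scanned the machine with pe_xscan to produce a log; surprisingly, it was unable to check the files' digital signatures. After processing the log with a log analysis tool, I found the following suspicious items (part of the process module section is omitted):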


/===

pe_xscan 10-03-26 by Purple Endurer
2010-6-21 17:41:30
Windows XP Service Pack 3(5.1.2600)
MSIE:6.0.2900.5512
管理员用户组
正常模式
[System Process]*0
   C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll|2009-12-2 10:5:18|Helper Module|3, 1, 5, 1033|Helper Module|Copyright 2005 Yahoo! China|3, 1, 5, 1033|Yahoo! China||Helper|Helper.dll
   C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
   C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
   C:/WINDOWS/System32/1.2.8/WndHook.dll|2010-6-21 12:19:52
   C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
C:/WINDOWS/system32/winlogon.exe*992|2008-4-14 20:0:0|Microsoft(R) Windows(R) Operating System|5.1.2600.5512|Windows NT Logon Application|(C) Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2113)|Microsoft Corporation|?|winlogon|WINLOGON.EXE
   C:/WINDOWS/system32/winlib .dll
   C:/WINDOWS/system32/syslib .dll
C:/WINDOWS/system32/lsass.exe*1048|2008-4-14 20:0:0|Microsoft? Windows? Operating System|5.1.2600.5512|LSA Shell (Export Version)|? Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2113)|Microsoft Corporation|?|lsass.exe|lsass.exe
   C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
C:/WINDOWS/system32/svchost.exe*1280|2008-4-14 20:0:0|Microsoft? Windows? Operating System|5.1.2600.5512|Generic Host Process for Win32 Services|? Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2111)|Microsoft Corporation|?|svchost.exe|svchost.exe
   c:/progra~1/qteri/gwrcd.biz|2010-6-21 13:20:7
   c:/program files/google/ac.exe%sessionname%/gofwk.pic
   C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
   C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
C:/WINDOWS/explorer.exe*1704|2008-4-14 20:0:0|Microsoft(R) Windows(R) Operating System|6.00.2900.5512|Windows Explorer|(C) Microsoft Corporation. All rights reserved.|6.00.2900.5512 (xpsp.080413-2105)|Microsoft Corporation|?|explorer|EXPLORER.EXE
   C:/PROGRA~1/CNRN/RNEvent.dll|2009-12-1 11:36:26|中文上网2007|2.0.0.0|RNEvent|版权所有 (C) 2007|2.0.3.1018|国风因特软件(北京)有限公司||RNEvent|RNEvent.dll
   C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
   C:/WINDOWS/system32/nsDk.dll
   C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
   C:/WINDOWS/System32/dysgn.dll|2010-6-21 17:20:40|testAtl Module|1, 0, 0, 1|testAtl Module|Copyright 2009|1, 0, 0, 1||?|testAtl|testAtl.DLL
   C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
   C:/WINDOWS/system32/dysg9.dll|2010-6-21 17:20:40|MyTest3 Dynamic Link Library|1, 0, 0, 1|MyTest3|版权所有 (C) 2008|1, 0, 0, 1|||MyTest3|MyTest3.DLL
   C:/WINDOWS/system32/msxmlw.dll|2010-6-21 17:32:1
   C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll|2009-12-2 10:5:18|Helper Module|3, 1, 5, 1033|Helper Module|Copyright 2005 Yahoo! China|3, 1, 5, 1033|Yahoo! China||Helper|Helper.dll
   C:/PROGRA~1/CNRN/RNLive.dll|2009-12-1 14:58:44|中文上网2007|2.0.0.0|RNLive|版权所有 (C) 2007|2.0.3.1021|国风因特软件(北京)有限公司||RNLive|RNLive.dll
   C:/PROGRA~1/Yahoo!/ASSIST~1/yalive.dll|2007-12-29 15:16:56|AutoLive Module|3, 8, 0, 1140|AutoLive Module|Copyright 2005 yahoo! china|3, 8, 0, 1140|yahoo! china||YAlive|YAlive.dll
   C:/PROGRA~1/Yahoo!/ASSIST~1/Yalliveex.dll|2009-12-11 9:5:35|LiveEx|3, 0, 3, 1012|LiveEx|Copyright 2005 Yahoo! China|3, 0, 3, 1012|Yahoo! China||LiveEx|LiveEx.dll
   C:/PROGRA~1/CNRN/RNAxtF.dll|2009-12-2 8:31:59|中文上网2007|2.0.0.0|RNAxtF|版权所有 (C) 2007|2.0.1.1016|国风因特软件(北京)有限公司||RNAxtF|RNAxtF.dll
   C:/Program Files/Messenger/coshelp.dll|2010-4-19 17:15:26||4.6.4.0|||4.6.4.0||?||
   C:/WINDOWS/System32/HtmlUI.dll|2010-6-21 12:19:50|HtmlPeek 动态链接库|1, 0, 0, 1|microsoft dll|Copyright (C) 2009|1, 0, 0, 1|上海国际通讯|?|HtmlPeek|HtmlPeek.dll
   C:/WINDOWS/System32/1.2.8/WndHook.dll|2010-6-21 12:19:52
   C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
 C:/PROGRA~1/CNRN/RNMain.exe*1832|2009-12-1 11:36:18|中文上网2007|2.0.0.0|RNMain|版权所有 (C) 2007|2.0.3.1018|国风因特软件(北京)有限公司||RNMain|RNMain.exe
   C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
   C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
   C:/PROGRA~1/CNRN/RNList.dll|2009-12-1 11:36:26|中文上网2007|2.0.0.0|RNList|版权所有 (C) 2007|2.0.8.1028|国风因特软件(北京)有限公司||RNList|RNList.dll
   C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
   C:/WINDOWS/System32/1.2.8/WndHook.dll|2010-6-21 12:19:52
 C:/PROGRA~1/CNRN/RNMain.exe*1844|2009-12-1 11:36:18|中文上网2007|2.0.0.0|RNMain|版权所有 (C) 2007|2.0.3.1018|国风因特软件(北京)有限公司||RNMain|RNMain.exe
   C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
   C:/PROGRA~1/CNRN/RNLive.dll|2009-12-1 14:58:44|中文上网2007|2.0.0.0|RNLive|版权所有 (C) 2007|2.0.3.1021|国风因特软件(北京)有限公司||RNLive|RNLive.dll
   C:/PROGRA~1/CNRN/RNAxtF.dll|2009-12-2 8:31:59|中文上网2007|2.0.0.0|RNAxtF|版权所有 (C) 2007|2.0.1.1016|国风因特软件(北京)有限公司||RNAxtF|RNAxtF.dll
   C:/PROGRA~1/CNRN/RNNtfy.dll|2009-12-2 8:32:0|中文上网2007|2.0.0.0|RNNtfy|版权所有 (C) 2007|2.0.1.1016|国风因特软件(北京)有限公司||RNNtfy|RNNtfy.dll
   C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
   C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
   C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
   C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll|2009-12-2 10:5:18|Helper Module|3, 1, 5, 1033|Helper Module|Copyright 2005 Yahoo! China|3, 1, 5, 1033|Yahoo! China||Helper|Helper.dll
C:/WINDOWS/system32/svchost.exe*2020|2008-4-14 20:0:0|Microsoft? Windows? Operating System|5.1.2600.5512|Generic Host Process for Win32 Services|? Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2111)|Microsoft Corporation|?|svchost.exe|svchost.exe
   c:/windows/system32/catius/vioauqadcait.dll|2010-6-21 17:23:55
   C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
 C:/WINDOWS/system32/fbes.exe*2044|2010-6-21 14:17:1
   C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
 C:/WINDOWS/system32/188d.exe*356|2010-6-21 12:13:18
 C:/Program Files/Internet Explorer/Mfc42.sys*400|2010-6-21 12:19:28|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
   C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
 C:/WINDOWS/system32Antihhlul.exe*428|2010-6-21 15:17:52|360安全卫士|3, 2, 2, 1002|360.cn|(C)360.cn Inc.All Rights Reserved.|360主动防御服务模块|(C)360.cn Inc.All Rights Reserved.|?|3, 2, 2, 1002|ZhuDongFangYu.exe
   C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
C:/WINDOWS/system32/rundll32.exe*524|2008-4-14 20:0:0|Microsoft(R) Windows(R) Operating System|5.1.2600.5512|Run a DLL as an App|(C) Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2105)|Microsoft Corporation|?|rundll|RUNDLL.EXE
   C:/WINDOWS/system32/b2fe.dll|2010-6-21 12:13:18|p.dll|1, 0, 0, 1|Play.dll|Beijing Angels Technology ltd. All rights reserved.|1, 0, 0, 1|Beijing Angels Technology ltd.|?|?|?
   C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
 C:/WINDOWS/system32/upd86D.tmp.exe*556|2010-6-21 13:41:29
   C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
 C:/WINDOWS/system32/qpjmy.exe*580|2010-6-21 13:20:35
   C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
C:/WINDOWS/system32/svchost.exe*596|2008-4-14 20:0:0|Microsoft? Windows? Operating System|5.1.2600.5512|Generic Host Process for Win32 Services|? Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2111)|Microsoft Corporation|?|svchost.exe|svchost.exe
   c:/windows/system32/nethome32.dll|2010-6-21 14:10:35
 C:/Program Files/Pe/PeServer.exe*612|2010-6-21 12:12:54||1.0.0.0|||1.0.0.0||||
   C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
 C:/WINDOWS/system32/nnaa.exe*760|2010-6-21 16:34:45
   C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
C:/WINDOWS/system32/alg.exe*2224|2008-4-14 20:0:0
   C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
 C:/Program Files/Internet Explorer/IEXPLORE.EXE*2324|2009-11-24 9:30:6|Microsoft(R) Windows(R) Operating System|6.00.2900.5512|Internet Explorer|(C) Microsoft Corporation. All rights reserved.|6.00.2900.5512 (xpsp.080413-2105)|Microsoft Corporation|?|iexplore|IEXPLORE.EXE
   C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
   C:/PROGRA~1/CNRN/RNExtend.dll|2009-12-1 11:36:26|中文上网2007|2.0.0.0|RNExtend|版权所有 (C) 2007|2.0.5.1029|国风因特软件(北京)有限公司||RNExtend|RNExtend.dll
   C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
   C:/PROGRA~1/CNRN/RNLive.dll|2009-12-1 14:58:44|中文上网2007|2.0.0.0|RNLive|版权所有 (C) 2007|2.0.3.1021|国风因特软件(北京)有限公司||RNLive|RNLive.dll
   C:/PROGRA~1/CNRN/RNAxtF.dll|2009-12-2 8:31:59|中文上网2007|2.0.0.0|RNAxtF|版权所有 (C) 2007|2.0.1.1016|国风因特软件(北京)有限公司||RNAxtF|RNAxtF.dll
   C:/Program Files/Baidu/AddressBar/AddressBar.dll|2010-5-14 11:32:52|AddressSearch Module|1, 0, 2, 15|AddressSearch Module|Copyright 2009|1, 0, 2, 15|?|?|AddressSearch|AddressBar.DLL
   C:/WINDOWS/UoDo/game.dll|2007-9-18 19:37:34
 C:/PROGRA~1/Yahoo!/ASSIST~1/ylive.exe*2548|2009-12-1 11:36:23|YLive|3, 2, 6, 1032|YLive|Copyright 2005 Yahoo! China|3, 2, 6, 1032|Yahoo! China||YLive|YLive.exe
   C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll|2009-12-2 10:5:18|Helper Module|3, 1, 5, 1033|Helper Module|Copyright 2005 Yahoo! China|3, 1, 5, 1033|Yahoo! China||Helper|Helper.dll
   C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
   C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
   C:/PROGRA~1/Yahoo!/ASSIST~1/yalive.dll|2007-12-29 15:16:56|AutoLive Module|3, 8, 0, 1140|AutoLive Module|Copyright 2005 yahoo! china|3, 8, 0, 1140|yahoo! china||YAlive|YAlive.dll
   C:/PROGRA~1/Yahoo!/ASSIST~1/Yalliveex.dll|2009-12-11 9:5:35|LiveEx|3, 0, 3, 1012|LiveEx|Copyright 2005 Yahoo! China|3, 0, 3, 1012|Yahoo! China||LiveEx|LiveEx.dll
   C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
 C:/WINDOWS/system32/ABC/ABC SAFE CSP v3.2/WDCertM_ABC.exe*2572|2009-12-31 10:15:37|Agricultural Bank of China Monitor|3, 2, 0, 0|monitor|版权所有 (C) 2007|3, 2, 0, 0|Agricultural Bank of China||CertM|CertM.EXE
   C:/WINDOWS/system32/ABC/ABC SAFE CSP v3.2/TokenMgr.dll|2009-12-31 10:15:37|SAFE 3.2|3, 6, 3, 2|Token Management Program v3.2|Copyright ? 2007.3|3, 6, 3, 2|Agricultural Bank of China||TokenMgr|TokenMgr.dll
   C:/WINDOWS/system32/ABC/ABC SAFE CSP v3.2/WDAlg.DLL|2009-12-31 10:15:37|ABCSAFE 3.0|3, 5, 12, 20|ABC Cipher Arithmetic Library V3.0|Copyright ? 2005|3, 5, 12, 20|ABC C0., Ltd.||WDAlg|WDAlg.dll
   C:/WINDOWS/system32/ABC/ABC SAFE CSP v3.2/wdkmgr.dll|2009-12-31 10:15:37|Watchdata wdkmgr DLL|1, 0, 0, 39|wdkmgr|Copyright 2008 Watchdata|1, 0, 0, 39|Watchdata||wdkmgr|wdkmgr.dll
   C:/WINDOWS/system32/ABC/ABC SAFE CSP v3.2/wdpkcs.dll|2009-12-31 10:15:37|ABC 3.1|3, 6, 2, 15|PKCS#11 Interfce Library V3.1|Copyright ? 2006|3, 6, 2, 15|ABC||WDPKCS|WDPKCS.dll
   C:/WINDOWS/system32/ABC/ABC SAFE CSP v3.2/WDCSPUI.dll|2009-12-31 10:15:37|WatchSAFE 3.2|3, 5, 12, 20|CSP User Interface V3.2|Copyright ? 2007|3, 5, 12, 20|Beijing WatchData System Co., Ltd.||WDCSPUI|WDCSPUI.dll
   C:/WINDOWS/system32/ABC/ABC SAFE CSP v3.2/UIResC3.DLL|2009-12-31 10:15:37|WDCSPUI Dynamic Link Library|3, 5, 12, 14|UI Chinese Resource DLL|Copy Right (C) 2005|3, 5, 12, 14|||WDSAFEUI|WDSAFEUI.DLL
   C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
   C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
   C:/WINDOWS/system32/ABC/ABC SAFE CSP v3.2/WDEvent.dll|2009-12-31 10:15:37|WDEvent Dynamic Link Library|1, 0, 0, 1|WDEvent DLL|版权所有 (C) 2007|1, 0, 0, 1|||WDEvent|WDEvent.DLL
   C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
   C:/WINDOWS/System32/1.2.8/WndHook.dll|2010-6-21 12:19:52
 C:/WINDOWS/system32/9E8B99/047E1F.EXE*2600|2010-1-27 8:55:5
   C:/WINDOWS/system32/9E8B99/krnln.fnr|2010-1-27 8:55:4
   C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
   C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
   C:/WINDOWS/system32/9E8B99/com.run|2010-1-27 8:55:5|com Dynamic Link Library|1, 0, 0, 1|com DLL|版权所有 (C) 2004|1, 0, 0, 1|||com|com.DLL
   C:/WINDOWS/system32/9E8B99/shell.fne|2010-6-12 15:23:15
   C:/WINDOWS/system32/9E8B99/dp1.fne|2010-1-27 8:55:4
   C:/WINDOWS/system32/9E8B99/eAPI.fne|2010-1-27 8:55:4
   C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll|2009-12-2 10:5:18|Helper Module|3, 1, 5, 1033|Helper Module|Copyright 2005 Yahoo! China|3, 1, 5, 1033|Yahoo! China||Helper|Helper.dll
   C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
   C:/WINDOWS/system32/9E8B99/internet.fne|2010-1-27 8:55:5|internet Dynamic Link Library|1, 0, 0, 1|internet DLL|版权所有 (C) 2002|1, 0, 0, 1|||internet|internet.DLL
   C:/WINDOWS/System32/1.2.8/WndHook.dll|2010-6-21 12:19:52
 C:/WINDOWS/kai/smss.exe*2672|2010-6-21 13:19:43|ie|1.00|Windows操作系统进程,调用对话管理子系统和负责操作系统对话。|?|1.00|微软|?|smss|smss.exe
   C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
   C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
   C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll|2009-12-2 10:5:18|Helper Module|3, 1, 5, 1033|Helper Module|Copyright 2005 Yahoo! China|3, 1, 5, 1033|Yahoo! China||Helper|Helper.dll
   C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
   C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
 C:/WINDOWS/system32/41.exe*2696|2010-6-21 12:13:46|||文件夹||||||
   C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
   C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
   C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
   C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll|2009-12-2 10:5:18|Helper Module|3, 1, 5, 1033|Helper Module|Copyright 2005 Yahoo! China|3, 1, 5, 1033|Yahoo! China||Helper|Helper.dll
   C:/WINDOWS/System32/1.2.8/WndHook.dll|2010-6-21 12:19:52
 C:/WINDOWS/ali.exe*2752
   C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll|2009-12-2 10:5:18|Helper Module|3, 1, 5, 1033|Helper Module|Copyright 2005 Yahoo! China|3, 1, 5, 1033|Yahoo! China||Helper|Helper.dll
   C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
   C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
   C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
   C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
 C:/Program Files/Internet Explorer/IEXPLORE.EXE*4008|2009-11-24 9:30:6|Microsoft(R) Windows(R) Operating System|6.00.2900.5512|Internet Explorer|(C) Microsoft Corporation. All rights reserved.|6.00.2900.5512 (xpsp.080413-2105)|Microsoft Corporation|?|iexplore|IEXPLORE.EXE
   C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll|2009-12-2 10:5:18|Helper Module|3, 1, 5, 1033|Helper Module|Copyright 2005 Yahoo! China|3, 1, 5, 1033|Yahoo! China||Helper|Helper.dll
   C:/PROGRA~1/Yahoo!/ASSIST~1/yscrblock.dll|2009-12-2 10:5:19|yScrBlock module|3, 0, 3, 1004|yScrBlock|Copyright (2005) Yahoo! China|3, 0, 3, 1004|Yahoo! China|Yahoo!|yScrBlock|yScrBlock.dll
   C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
   C:/PROGRA~1/CNRN/RNExtend.dll|2009-12-1 11:36:26|中文上网2007|2.0.0.0|RNExtend|版权所有 (C) 2007|2.0.5.1029|国风因特软件(北京)有限公司||RNExtend|RNExtend.dll
   C:/PROGRA~1/CNRN/RNHelper.dll|2009-12-1 14:58:42|中文上网2007|2.0.0.0|RNHelper|版权所有 (C) 2007|2.0.3.1020|国风因特软件(北京)有限公司||RNHelper|RNHelper.dll
   C:/PROGRA~1/Yahoo!/ASSIST~1/yalive.dll|2007-12-29 15:16:56|AutoLive Module|3, 8, 0, 1140|AutoLive Module|Copyright 2005 yahoo! china|3, 8, 0, 1140|yahoo! china||YAlive|YAlive.dll
   C:/PROGRA~1/Yahoo!/ASSIST~1/Yalliveex.dll|2009-12-11 9:5:35|LiveEx|3, 0, 3, 1012|LiveEx|Copyright 2005 Yahoo! China|3, 0, 3, 1012|Yahoo! China||LiveEx|LiveEx.dll
   C:/PROGRA~1/CNRN/RNLive.dll|2009-12-1 14:58:44|中文上网2007|2.0.0.0|RNLive|版权所有 (C) 2007|2.0.3.1021|国风因特软件(北京)有限公司||RNLive|RNLive.dll
   C:/PROGRA~1/CNRN/RNAxtF.dll|2009-12-2 8:31:59|中文上网2007|2.0.0.0|RNAxtF|版权所有 (C) 2007|2.0.1.1016|国风因特软件(北京)有限公司||RNAxtF|RNAxtF.dll
   C:/Program Files/Baidu/AddressBar/AddressBar.dll|2010-5-14 11:32:52|AddressSearch Module|1, 0, 2, 15|AddressSearch Module|Copyright 2009|1, 0, 2, 15|?|?|AddressSearch|AddressBar.DLL
   C:/WINDOWS/UoDo/game.dll|2007-9-18 19:37:34
   C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yphtb.dll|2009-12-7 8:51:38|yPhtb|3, 1, 2, 1013|yPhtb|Copyright 2005 Yahoo! China|3, 1, 2, 1013|Yahoo! China|||yPhtb.dll
   C:/WINDOWS/system32/nsDk.dll
   C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/YDRAGS~1.DLL|2009-12-2 10:5:17|DragSearch|3, 1, 1, 1013|DragSearch|Copyright 2005 yahoo! china|3, 1, 1, 1013|yahoo! china|||ydragsearch.dll
   C:/WINDOWS/sogo/3607.667178.dll|2010-6-21 12:12:37|safemon|5.03.0251|?|?|5.03.0251|深圳快播软件技术有限公司|?|Qvod109|Qvod109.dll
   C:/Program Files/Messenger/coshelp.dll|2010-4-19 17:15:26||4.6.4.0|||4.6.4.0||?||
   C:/PROGRA~1/CNRN/RNEvent.dll|2009-12-1 11:36:26|中文上网2007|2.0.0.0|RNEvent|版权所有 (C) 2007|2.0.3.1018|国风因特软件(北京)有限公司||RNEvent|RNEvent.dll
   C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yflashdl.dll|2009-12-8 8:50:52|yFlashDl|3, 1, 1, 1025|Flash video download|Copyright 2007 Yahoo! China|3, 1, 1, 1025|Yahoo! China|||yFlashDl.dll
   C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yassist.dll|2009-12-2 10:5:10|yAssist Module|3, 2, 3, 1029|Assist Module|Copyright (2005) Yahoo! China|3, 2, 3, 1029|Yahoo! China|Yahoo!|yAssist|yAssist.DLL
   C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasbar0.dll|2009-12-7 8:51:35|IE ToolBand|3, 5, 1, 1128|IE ToolBand|Copyright 2006 yahoo! china|3, 5, 1, 1128|yahoo! china||ToolBand|ToolBand.DLL
   C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/ysearch.dll|2009-12-7 8:51:41|WebSearch Plugin Module|3, 3, 0, 1035|WebSearch Plugin|Copyright 2006 Yahoo! China|3, 3, 0, 1035|Yahoo! China||ySearch|ySearch.DLL
   C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasnoad.dll|2009-12-1 14:58:45|ADKiller Module|3, 0, 7, 1009|ADKiller Module|Copyright 2004 yahoo! china|3, 0, 7, 1009|yahoo! china||ADKiller|ADKiller.DLL
   C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yzsNetProto.dll|2009-12-2 10:5:17|yzsNetProto Module|3, 0, 5, 1006|yzsNetProto.dll|Copyright (2005) Yahoo! China|3, 0, 5, 1006|Yahoo! China||yzsNetProto|yzsNetProto.DLL
   C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yrss.dll|2009-12-7 8:51:39|yRss Module|3, 1, 0, 1011|yRss Module|Copyright (2005) Yahoo! China|3, 1, 0, 1011|Yahoo! China||yRss|yRss.DLL
   C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yaswiper.dll|2009-12-2 10:5:17|Yahoo yTWiper|3, 1, 2, 1012|yTWiper|Copyright (2005) Yahoo! China|3, 1, 2, 1012|Yahoo! China||yTWiper|yTWiper.dll
   C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasiesec.dll|2009-12-2 10:5:16|yIESecUI module|3, 1, 3, 1015|yIESecUI|Copyright (2005) Yahoo! China|3, 1, 3, 1015|Yahoo! China|Yahoo!|IESecUI|yIESecUI.dll
   C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/YSETTI~1.DLL|2009-12-2 10:5:5|ysettings|3, 3, 0, 1044|ysettings|Copyright 2006 yahoo! china|3, 3, 0, 1044|yahoo! china||ysettings|ysettings.dll
   C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/ymailp.dll|2009-12-8 8:50:50||3, 0, 7, 1013|YMail Alert||3, 0, 7, 1013|Yahoo! China||ymailp.dll|ymailp.dll
   C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/ymyweb.dll|2009-12-8 8:50:52|yMyWeb Module|3, 0, 5, 1007|yMyWeb Module|2006 Yahoo! China|3, 0, 5, 1007|Yahoo! China||yMyWeb|yMyWeb.DLL
   C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/ypagetr.dll|2009-12-8 8:50:52|yPageTr Module|3, 0, 1, 1006|yPageTr Module|Copyright 2007|3, 0, 1, 1006|||yPageTr|yPageTr.DLL
   C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
   C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
F2 - REG: system.ini: UserInit = <C:/WINDOWS/system32/userinit.exe C:/WINDOWS/system32/wbem/360tray.exe>|2008-4-14 20:0:0|Microsoft(R) Windows(R) Operating System|5.1.2600.5512|Userinit Logon Application|(C) Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2113)|Microsoft Corporation|?|userinit|USERINIT.EXE
O2 - IeAddOn(HklmExPr) - JsObject Class - {11CC93E4-0BE6-4f8f-82AA-D577FB955B05} = C:/Program Files/Baidu/AddressBar/AddressBar.dll|2010-5-14 11:32:52|AddressSearch Module|1, 0, 2, 15|AddressSearch Module|Copyright 2009|1, 0, 2, 15|?|?|AddressSearch|AddressBar.DLL
O2 - IeAddOn(HklmExPr) - Yahoo!Live - {57421194-58FB-49ae-9B4F-FD48869B9AD4} = C:/PROGRA~1/Yahoo!/ASSIST~1/yalive.dll|2007-12-29 15:16:56|AutoLive Module|3, 8, 0, 1140|AutoLive Module|Copyright 2005 yahoo! china|3, 8, 0, 1140|yahoo! china||YAlive|YAlive.dll
O2 - IeAddOn(HklmExPr) - assist - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} = C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yassist.dll|2009-12-2 10:5:10|yAssist Module|3, 2, 3, 1029|Assist Module|Copyright (2005) Yahoo! China|3, 2, 3, 1029|Yahoo! China|Yahoo!|yAssist|yAssist.DLL
O2 - IeAddOn(HkcuExSt) - SearchHook Class - {00000000-0593-4356-9CF7-1D8C2B3343C0} = C:/Program Files/Baidu/AddressBar/AddressBar.dll|2010-5-14 11:32:52|AddressSearch Module|1, 0, 2, 15|AddressSearch Module|Copyright 2009|1, 0, 2, 15|?|?|AddressSearch|AddressBar.DLL
O2 - IeAddOn(HkcuExSt) - IETimbar - {1163E531-B58E-4BB9-B877-0906A0A22AEC} = C:/PROGRA~1/INTERN~1/IETimbar/IETimbar.dll|2010-2-8 15:37:8|IETimebar|3.2.0.0|IETimebar|(c). All rights reserved.|3.2.0.0|IETimebar||IEPlugin.dll|IEPlugin.dll
O2 - IeAddOn(HkcuExSt) - - {296AB1B8-FB22-4D17-8834-064E2BA0A6F0} = C:/WINDOWS/UoDo/game.dll|2007-9-18 19:37:34
O2 - IeAddOn(HkcuExSt) - Yahoo!Photo - {33BBE430-0E42-4F12-B075-8D21ACB10DCB} = C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yphtb.dll|2009-12-7 8:51:38|yPhtb|3, 1, 2, 1013|yPhtb|Copyright 2005 Yahoo! China|3, 1, 2, 1013|Yahoo! China|||yPhtb.dll
O2 - IeAddOn(HkcuExSt) - 雅虎助手 - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} = C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yasbar0.dll|2009-12-7 8:51:35|IE ToolBand|3, 5, 1, 1128|IE ToolBand|Copyright 2006 yahoo! china|3, 5, 1, 1128|yahoo! china||ToolBand|ToolBand.DLL
O2 - IeAddOn(HkcuExSt) - - {57CC5BE6-65FB-4533-B5C3-11DF00ACC50B} = C:/WINDOWS/system32/nsDk.dll
O2 - IeAddOn(HkcuExSt) - DragSearch BHO - {62EED7C6-9F02-42F9-B634-98E2899E147B} = C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/YDRAGS~1.DLL|2009-12-2 10:5:17|DragSearch|3, 1, 1, 1013|DragSearch|Copyright 2005 yahoo! china|3, 1, 1, 1013|yahoo! china|||ydragsearch.dll
O2 - IeAddOn(HkcuExSt) - QvodAdBlocker.QvodBlock - {8BB42A01-3D28-4143-A5F8-92270BF9A5B5} = C:/WINDOWS/sogo/3607.667178.dll|2010-6-21 12:12:37|safemon|5.03.0251|?|?|5.03.0251|深圳快播软件技术有限公司|?|Qvod109|Qvod109.dll
O2 - IeAddOn(HkcuExSt) - Messenger Class - {923F7368-0DA9-4F50-B87D-1B2F836DB9AD} = C:/Program Files/Messenger/coshelp.dll|2010-4-19 17:15:26||4.6.4.0|||4.6.4.0||?||
O2 - IeAddOn(HkcuExSt) - Safemon class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} = C:/WINDOWS/system32/syspowerues.dll
O2 - IeAddOn(HkcuExSt) - - {D7B21266-AA85-44B8-B516-3B1A69827400} = C:/PROGRA~1/CNRN/RNEvent.dll|2009-12-1 11:36:26|中文上网2007|2.0.0.0|RNEvent|版权所有 (C) 2007|2.0.3.1018|国风因特软件(北京)有限公司||RNEvent|RNEvent.dll
O2 - IeAddOn(HkcuExSt) - - {E24B9E23-58CF-4938-B383-49C6D744D728} = C:/PROGRA~1/CNRN/CNRN.dll|2008-1-16 14:28:42|中文上网2007|2.0.0.0|CNRN|版权所有 (C) 2007|2.1.0.1048|国风因特软件(北京)有限公司||CNRN|CNRN.dll
O2 - IeAddOn(HkcuExSt) - yFlashDl Class - {F166BC04-3C84-44CC-A6E9-2315EC4844B9} = C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yflashdl.dll|2009-12-8 8:50:52|yFlashDl|3, 1, 1, 1025|Flash video download|Copyright 2007 Yahoo! China|3, 1, 1, 1025|Yahoo! China|||yFlashDl.dll
O2 - IeAddOn(HkcuExSt) - assist - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} = C:/PROGRA~1/Yahoo!/ASSIST~1/Assist/yassist.dll|2009-12-2 10:5:10|yAssist Module|3, 2, 3, 1029|Assist Module|Copyright (2005) Yahoo! China|3, 2, 3, 1029|Yahoo! China|Yahoo!|yAssist|yAssist.DLL
O4 - HKLM/../run: [CNRN]C:/PROGRA~1/CNRN/RNMain.exe C:/PROGRA~1/CNRN/CNRN.dll,Rundll32
O4 - HKLM/../run: [YLive.exe] C:/PROGRA~1/Yahoo!/ASSIST~1/YLive.exe
O4 - HKLM/../run: [CNRNRNHelper.dll] C:/PROGRA~1/CNRN/RNMain.exe C:/PROGRA~1/CNRN/RNHelper.dll,Rundll32
O4 - HKLM/../run: [047E1F] C:/WINDOWS/system32/9E8B99/047E1F.EXE
O4 - HKLM/../run: [KAV] c:/windows/kai/smss.exe
O4 - HKLM/../run: [360safebox] C:/WINDOWS/system32/41.exe
O4 - Startup:047E1F.lnk-> C:/WINDOWS/system32/9E8B99/047E1F.EXE
O4 - Startup:Coopen播放器.lnk-> "C:/Program Files/Coopen/Coopen.exe" /start
O4 - Global Startup:dlldll.vbe-> Invalid lnk file
O4 - Global Startup:home.lnk-> C:/WINDOWS/Temp/tmp.exe
O4 - Global Startup:ie.vbe-> Invalid lnk file
O4 - Global Startup:iecollection.vbe-> Invalid lnk file
O4 - Global Startup:iesearch.vbe-> Invalid lnk file
O4 - Global Startup:ITss.lnk-> C:/RECYCLER/ITss.exe
O4 - Global Startup:system.vbe-> Invalid lnk file

C:/autorun.inf
/-----
[AutoRun]
Open=SafeDrv.exe
Shell/Open=打开(&O)
Shell/Open/Command=SafeDrv.exe
Shell/Open/Default=1
Shell/Explore=资源管理器(&X)
Shell/Explore/Command=SafeDrv.exe
-----/
D:/autorun.inf
/-----
[AutoRun]
Open=SafeDrv.exe
Shell/Open=打开(&O)
Shell/Open/Command=SafeDrv.exe
Shell/Open/Default=1
Shell/Explore=资源管理器(&X)
Shell/Explore/Command=SafeDrv.exe
-----/

ms.job-> rundll32 C:/WINDOWS/system32/b2fe.dll

O9 - IE工具栏扩展按钮HKLM:小游戏 - {998A88A0-A355-809B-831C-B83A80000991} - hxxp://www.ugege.com/
O9 - IE工具菜单扩展项HKLM:小游戏 - {998A88A0-A355-809B-831C-B83A80000991} - hxxp://www.ugege.com/
O10 - LSP: MSAFD Tcpip [TCP/IP] = C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
O10 - LSP: MSAFD Tcpip [UDP/IP] = C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
O10 - LSP: MSAFD Tcpip [RAW/IP] = C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
O10 - LSP: RSVP UDP Service Provider = C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
O10 - LSP: RSVP TCP Service Provider = C:/WINDOWS/system32/microinfo/microinfo.dll|2010-6-21 14:10:33
O11 - IE扩展选项组:!CNRN (中文上网2007) = 中文上网2007
O22 - SharedTaskScheduler: (ATlMy Class) - {C4560D12-CE25-4A2E-A5D4-B5070FCBE282} = C:/WINDOWS/System32/dysgn.dll|2010-6-21 17:20:40|testAtl Module|1, 0, 0, 1|testAtl Module|Copyright 2009|1, 0, 0, 1||?|testAtl|testAtl.DLL
O23 - 服务: BAPIDRV (BAPIDRV) - C:/WINDOWS/system32/drivers/BAPIDRV.SYS|2010-5-31 9:29:31|?|1.0.0.1005|BAPIDRV|(C)360.cn Inc.All Rights Reserved.|1.0.0.1005|360.cn|?|BAPIDRV.SYS|BAPIDRV.SYS(系统)
O23 - 服务: CNRNDV (CNRNDV) -  system32/drivers/CNRNDV.sys|2009-12-1 14:58:46|中文上网2007|2.0.0.0|CnrnDvXP|版权所有 (C) 2007|2.0.5.1022|国风因特软件(北京)有限公司|?|CnrnDvXP|CnrnDvXP.sys(引导)
O23 - 服务: dticem (Internet Data Services) - C:/WINDOWS/system32/svchost.exe -k dtcGep|2008-4-14 20:0:0|Microsoft? Windows? Operating System|5.1.2600.5512|Generic Host Process for Win32 Services|? Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2111)|Microsoft Corporation|?|svchost.exe|svchost.exe
  -> C:/WINDOWS/system32/Catius/vioauqadcait.dll|2010-6-21 17:23:55(自动)
O23 - 服务: fapsdfj (lskdjflk) - C:/WINDOWS/system32/fbes.exe|2010-6-21 14:17:1(自动)
O23 - 服务: hcpidesk (hcpidesk) - C:/WINDOWS/system32/drivers/hcpidesk.sys|2010-6-21 12:29:9(自动)
O23 - 服务: HidServ (Human Interface Device Access) - C:/WINDOWS/System32/svchost.exe -k netsvcs|2008-4-14 20:0:0|Microsoft? Windows? Operating System|5.1.2600.5512|Generic Host Process for Win32 Services|? Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2111)|Microsoft Corporation|?|svchost.exe|svchost.exe
  -> C:/PROGRA~1/qteri/gwrcd.biz|2010-6-21 13:20:7(自动)
O23 - 服务: Mdlea (Mdlea) - C:/WINDOWS/system32/188d.exe|2010-6-21 12:13:18(自动)
O23 - 服务: MediaCdzmuu (MS Media Condwub Center) - C:/WINDOWS/system32Antihhlul.exe|2010-6-21 15:17:52|360安全卫士|3, 2, 2, 1002|360.cn|(C)360.cn Inc.All Rights Reserved.|360主动防御服务模块|(C)360.cn Inc.All Rights Reserved.|?|3, 2, 2, 1002|ZhuDongFangYu.exe(自动)
O23 - 服务: MediaCnyrns (MS Media Conffhc Center) - C:/WINDOWS/system32Antiaqrel.exe|2010-6-21 13:24:14|360安全卫士|3, 2, 2, 1002|360.cn|(C)360.cn Inc.All Rights Reserved.|360主动防御服务模块|(C)360.cn Inc.All Rights Reserved.|?|3, 2, 2, 1002|ZhuDongFangYu.exe(自动)
O23 - 服务: MediaCzwkmz (MS Media Consskh Center) - C:/WINDOWS/system32/Antieblhk.exe|2010-6-21 17:25:45|360安全卫士|3, 2, 2, 1002|360.cn|(C)360.cn Inc.All Rights Reserved.|360主动防御服务模块|(C)360.cn Inc.All Rights Reserved.|?|3, 2, 2, 1002|ZhuDongFangYu.exe(自动)
O23 - 服务: Messenger (Messenger) - C:/WINDOWS/system32/svchost.exe-k netsvcs|2008-4-14 20:0:0|Microsoft? Windows? Operating System|5.1.2600.5512|Generic Host Process for Win32 Services|? Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2111)|Microsoft Corporation|?|svchost.exe|svchost.exe
  -> C:/Program Files/Google/ac.exe%SESSIONNAME%/gofwk.pic(自动)
O23 - 服务: Microsoft Office Word (Microsoft Office Word) - C:/WINDOWS/system32/upd86D.tmp.exe|2010-6-21 13:41:29(自动)
O23 - 服务: Ms-tl_Srv (ms-tl) - C:/WINDOWS/tinlater.exe(自动)
O23 - 服务: National (National Instruments Domain Service) - C:/WINDOWS/system32/qpjmy.exe|2010-6-21 13:20:35(自动)
O23 - 服务: NetHomeIDE (NetHomeIDE) - C:/WINDOWS/system32/svchost.exe -k mysysgroup3|2008-4-14 20:0:0|Microsoft? Windows? Operating System|5.1.2600.5512|Generic Host Process for Win32 Services|? Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2111)|Microsoft Corporation|?|svchost.exe|svchost.exe
  -> C:/WINDOWS/system32/nethome32.dll|2010-6-21 14:10:35(自动)
O23 - 服务: PeService (PeServer) - C:/Program Files/Pe/PeServer.exe|2010-6-21 12:12:54||1.0.0.0|||1.0.0.0||||(自动)
O23 - 服务: plqiz (plqiz) -  system32/drivers/ftbff.sys||1, 0, 0, 1||Copyright 2009|1, 0, 0, 1|Microsoft Corporation|||(引导)
O23 - 服务: pnpmem (pnpmem) - C:/WINDOWS/system32/drivers/pnpmem.sys|2010-6-21 12:38:51(自动)
O23 - 服务: R2A (R2A) - C:/WINDOWS/system32a2.sys(禁用)
O23 - 服务: werer (kuiiuk) - C:/WINDOWS/system32/nnaa.exe|2010-6-21 16:34:45(自动)
O23 - 服务: WinHelp32 (Windows Help System) - C:/WINDOWS/system32/WinHelp32.exe|2010-6-21 12:14:36|Rising AntiVirus 2009|21.00|RavCopy Module|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|ravcopy.exe(自动)
O23 - 服务: yaskp (yaskp) -  system32/drivers/yaskp.sys|2010-6-12 8:24:33|KMD|KMD|KMD|Copyright (c) yahoo Corporation.|3.0.9.1010|Copyright (C) yahoo Corporation.|?|yaskp.sys|yaskp.sys(引导)
O24 - ShlExecHook: [] - {D7B21266-AA85-44b8-B516-3B1A69827400} = C:/PROGRA~1/CNRN/RNEvent.dll|2009-12-1 11:36:26|中文上网2007|2.0.0.0|RNEvent|版权所有 (C) 2007|2.0.3.1018|国风因特软件(北京)有限公司||RNEvent|RNEvent.dll
O24 - ShlExecHook: [] - {DD7D4640-4464-48C0-83FD-21338366D2D3} = C:/Program Files/Internet Explorer/Mfc42.tdm|2010-6-21 17:31:3|Rising AntiVirus 2009|21.00|RsAgent Application|Copyright(C) 2008-2009 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.|21.0.0.17|Beijing Rising Information Technology Co., Ltd.|?|Beijing Rising Information Technology Co., Ltd.|RsAgent.EXE
O26 - IFEO: 360deepscan.exe -> ntsd -d
O26 - IFEO: 360hotfix.exe -> ntsd -d
O26 - IFEO: 360rp.exe -> ntsd -d
O26 - IFEO: 360rpt.exe -> ntsd -d
O26 - IFEO: 360Safe.exe -> ntsd -d
O26 - IFEO: 360safebox.exe -> ntsd -d
O26 - IFEO: 360sd.exe -> ntsd -d
O26 - IFEO: 360tray.exe -> ntsd -d
O26 - IFEO: adam.exe -> ntsd -d
O26 - IFEO: AgentSvr.exe -> ntsd -d
O26 - IFEO: AntiArp.exe -> ntsd -d
O26 - IFEO: AppSvc32.exe -> ntsd -d
O26 - IFEO: arvmon.exe -> ntsd -d
O26 - IFEO: AutoGuarder.exe -> ntsd -d
O26 - IFEO: autoruns.exe -> ntsd -d
O26 - IFEO: avcenter.exe -> ntsd -d
O26 - IFEO: avgaurd.exe -> ntsd -d
O26 - IFEO: avgnt.exe -> ntsd -d
O26 - IFEO: avgrssvc.exe -> ntsd -d
O26 - IFEO: AvMonitor.exe -> ntsd -d
O26 - IFEO: avp.com -> ntsd -d
O26 - IFEO: avp.exe -> ntsd -d
O26 - IFEO: CCenter.exe -> ntsd -d
O26 - IFEO: ccSvcHst.exe -> ntsd -d
O26 - IFEO: DSMain.exe -> ntsd -d
O26 - IFEO: egui.exe -> ntsd -d
O26 - IFEO: ekrn.exe -> ntsd -d
O26 - IFEO: FileDsty.exe -> ntsd -d
O26 - IFEO: findt2005.exe -> ntsd -d
O26 - IFEO: FTCleanerShell.exe -> ntsd -d
O26 - IFEO: HijackThis.exe -> ntsd -d
O26 - IFEO: IceSword.exe -> ntsd -d
O26 - IFEO: iparmo.exe -> ntsd -d
O26 - IFEO: Iparmor.exe -> ntsd -d
O26 - IFEO: IsHelp.exe -> ntsd -d
O26 - IFEO: isPwdSvc.exe -> ntsd -d
O26 - IFEO: kabaload.exe -> ntsd -d
O26 - IFEO: KaScrScn.SCR -> ntsd -d
O26 - IFEO: KASMain.exe -> ntsd -d
O26 - IFEO: KASTask.exe -> ntsd -d
O26 - IFEO: KAV32.exe -> ntsd -d
O26 - IFEO: KAVDX.exe -> ntsd -d
O26 - IFEO: KAVPFW.exe -> ntsd -d
O26 - IFEO: KAVSetup.exe -> ntsd -d
O26 - IFEO: KAVStart.exe -> ntsd -d
O26 - IFEO: killhidepid.exe -> ntsd -d
O26 - IFEO: KISLnchr.exe -> ntsd -d
O26 - IFEO: kissvc.exe -> ntsd -d
O26 - IFEO: KMailMon.exe -> ntsd -d
O26 - IFEO: KMFilter.exe -> ntsd -d
O26 - IFEO: KPFW32.exe -> ntsd -d
O26 - IFEO: KPFW32X.exe -> ntsd -d
O26 - IFEO: KPFWSvc.exe -> ntsd -d
O26 - IFEO: KRepair.COM -> ntsd -d
O26 - IFEO: krnl360svc.exe -> ntsd -d
O26 - IFEO: KsLoader.exe -> ntsd -d
O26 - IFEO: kswebshield.exe -> ntsd -d
O26 - IFEO: KVCenter.kxp -> ntsd -d
O26 - IFEO: KvDetect.exe -> ntsd -d
O26 - IFEO: kvfw.exe -> ntsd -d
O26 - IFEO: KvfwMcl.exe -> ntsd -d
O26 - IFEO: KVMonXP.kxp -> ntsd -d
O26 - IFEO: KVMonXP_1.kxp -> ntsd -d
O26 - IFEO: kvol.exe -> ntsd -d
O26 - IFEO: kvolself.exe -> ntsd -d
O26 - IFEO: KvReport.kxp -> ntsd -d
O26 - IFEO: KVScan.kxp -> ntsd -d
O26 - IFEO: KVSrvXP.exe -> ntsd -d
O26 - IFEO: KVStub.kxp -> ntsd -d
O26 - IFEO: kvupload.exe -> ntsd -d
O26 - IFEO: kvwsc.exe -> ntsd -d
O26 - IFEO: KvXP.kxp -> ntsd -d
O26 - IFEO: KvXP_1.kxp -> ntsd -d
O26 - IFEO: KWatch.exe -> ntsd -d
O26 - IFEO: KWatch9x.exe -> ntsd -d
O26 - IFEO: KWatchX.exe -> ntsd -d
O26 - IFEO: LiveUpdate360.exe -> ntsd -d
O26 - IFEO: loaddll.exe -> ntsd -d
O26 - IFEO: MagicSet.exe -> ntsd -d
O26 - IFEO: mcconsol.exe -> ntsd -d
O26 - IFEO: McNAsvc.exe -> ntsd -d
O26 - IFEO: McProxy.exe -> ntsd -d
O26 - IFEO: Mcshield.exe -> ntsd -d
O26 - IFEO: Mcsysmon.exe -> ntsd -d
O26 - IFEO: mmqczj.exe -> ntsd -d
O26 - IFEO: mmsk.exe -> ntsd -d
O26 - IFEO: NAVSetup.exe -> ntsd -d
O26 - IFEO: nod32krn.exe -> ntsd -d
O26 - IFEO: nod32kui.exe -> ntsd -d
O26 - IFEO: PFW.exe -> ntsd -d
O26 - IFEO: PFWLiveUpdate.exe -> ntsd -d
O26 - IFEO: QHSET.exe -> ntsd -d
O26 - IFEO: Ras.exe -> ntsd -d
O26 - IFEO: Rav.exe -> ntsd -d
O26 - IFEO: RavCopy.exe -> ntsd -d
O26 - IFEO: RavMon.exe -> ntsd -d
O26 - IFEO: RavMonD.exe -> ntsd -d
O26 - IFEO: RavStore.exe -> ntsd -d
O26 - IFEO: RavStub.exe -> ntsd -d
O26 - IFEO: ravt08.exe -> ntsd -d
O26 - IFEO: RavTask.exe -> ntsd -d
O26 - IFEO: RegClean.exe -> ntsd -d
O26 - IFEO: RegEx.exe -> ntsd -d
O26 - IFEO: rfwcfg.exe -> ntsd -d
O26 - IFEO: RfwMain.exe -> ntsd -d
O26 - IFEO: rfwolusr.exe -> ntsd -d
O26 - IFEO: rfwProxy.exe -> ntsd -d
O26 - IFEO: rfwsrv.exe -> ntsd -d
O26 - IFEO: RsAgent.exe -> ntsd -d
O26 - IFEO: Rsaupd.exe -> ntsd -d
O26 - IFEO: RsMain.exe -> ntsd -d
O26 - IFEO: rsnetsvr.exe -> ntsd -d
O26 - IFEO: RSTray.exe -> ntsd -d
O26 - IFEO: runiep.exe -> ntsd -d
O26 - IFEO: safebank.exe -> ntsd -d
O26 - IFEO: safeboxTray.exe -> ntsd -d
O26 - IFEO: safelive.exe -> ntsd -d
O26 - IFEO: scan32.exe -> ntsd -d
O26 - IFEO: ScanFrm.exe -> ntsd -d
O26 - IFEO: shcfg32.exe -> ntsd -d
O26 - IFEO: smartassistant.exe -> ntsd -d
O26 - IFEO: SmartUp.exe -> ntsd -d
O26 - IFEO: SREng.exe -> ntsd -d
O26 - IFEO: SREngPS.exe -> ntsd -d
O26 - IFEO: SuperKiller.exe -> ntsd -d
O26 - IFEO: symlcsvc.exe -> ntsd -d
O26 - IFEO: syscheck.exe -> ntsd -d
O26 - IFEO: Syscheck2.exe -> ntsd -d
O26 - IFEO: SysSafe.exe -> ntsd -d
O26 - IFEO: ToolsUp.exe -> ntsd -d
O26 - IFEO: TrojanDetector.exe -> ntsd -d
O26 - IFEO: Trojanwall.exe -> ntsd -d
O26 - IFEO: TrojDie.kxp -> ntsd -d
O26 - IFEO: UIHost.exe -> ntsd -d
O26 - IFEO: UmxAgent.exe -> ntsd -d
O26 - IFEO: UmxAttachment.exe -> ntsd -d
O26 - IFEO: UmxCfg.exe -> ntsd -d
O26 - IFEO: UmxFwHlp.exe -> ntsd -d
O26 - IFEO: UmxPol.exe -> ntsd -d
O26 - IFEO: UpLive.exe -> ntsd -d
O26 - IFEO: WoptiClean.exe -> ntsd -d
O26 - IFEO: ZhuDongFangYu.exe -> ntsd -d
O26 - IFEO: zxsweep.exe -> ntsd -d
O29 - HKCU-Start Page = hxxp://www.97796.cn/?205486
O29 - HKCU-Search Page = hxxp://www.yahoo.com.cn
O29 - HKCU-Search Bar = hxxp://www.addresscn.com/srchasst.htm
O29 - HKLM-Start Page = hxxp://www.97796.cn/?205486
O29 - HKLM-Search Page = hxxp://www.yahoo.com.cn
O29 - HKLM-Default_Page_URL = hxxp://www.wz157.cn
HKLM/SHOWALL    值非1
ScrSave = C:/Program Files/Coopen/Coopen.scr|2010-4-26 14:46:52|CoopenSaveScreen|5, 0, 0, 103|CoopenSaveScreen|(c) 北京首都在线网络技术有限公司. All rights reserved.|5, 0, 0, 103|北京首都在线网络技术有限公司|北京首都在线网络技术有限公司|CoopenUI|CoopenSaveScreen.src

 

===/
